Are smart home security systems more of a security risk than a benefit?

[Pelican Press 0]

Are smart home security systems more of a security risk than a benefit?

Last September, owners of Wyze security cameras in the US were shocked to discover that rather than viewing footage from their own homes on their webcam feeds, they were actually peering into the properties of other camera owners. 

“Went to check on my cameras and they are all gone to be replaced with a new one…and this isn’t mine,” said one user on

This is the hidden content, please

• Sign In
• or
• Sign Up

As it turned out, this was far from an isolated incident, too.

Less than six months later the same thing happened again, this time 13,000 Wyze users received thumbnails from other people’s cameras which allowed their home’s footage to be viewed by other users. The company said at the time a ‘sudden surge in demand caused the system to mix up user device IDs and user ID mapping, thereby linking the wrong accounts with some data’ – hardly reassuring from users who understandably expect their security camera footage to remain private. 

Nor is Wyze the only culprit. In 2018, five ********* security consultants found a way to access video footage from security cameras made by

This is the hidden content, please

• Sign In
• or
• Sign Up

just by inputting a product serial number without any need for a username and password. And in 2022, security researcher Paul Moore discovered that the Anker-owned Eufy’s Doorbell Dual camera feed could be accessed by a web browser just by knowing the right URL without needing any password at all! 

(Image credit:

This is the hidden content, please

• Sign In
• or
• Sign Up

)

Government backing 

Of course, it would be easy to conclude from these various incidents that owning a home security system is simply more trouble than it’s worth. The good news is though that things are getting better thanks to new government legislation and a greater awareness among the public about the importance of strong passwords. 

In April, the *** introduced the Product Security and Telecommunications Infrastructure (PSTI) Act. This means that all manufacturers of IoT devices (including security cameras, smart TVs, smart fridges etc.) must meet minimum password requirements, adhere to recognised security standards (ETSI EN 303 645 and ISO/IEC29147) and inform consumers about the minimum ******* that security updates are provided for each device. ******** to do so could result in a £10 million fine or 4% of worldwide revenue. 

Meanwhile, in the US, the Connectivity Standards Alliance (the group behind the Matter smart home standard) recently introduced the

This is the hidden content, please

• Sign In
• or
• Sign Up

for smart consumer devices, including lightbulbs, switches, thermostats and cameras. Developed by nearly 200 member companies, including

This is the hidden content, please

• Sign In
• or
• Sign Up

,

This is the hidden content, please

• Sign In
• or
• Sign Up

, Shneider Electric and Signify (Philips Hue and WiZ), the specification stipulates several requirements for IoT devices including having a unique ID, no hardcoded default passwords, secure storage of sensitive data and software updates during the product’s support *******. Devices meeting these requirements will be able to carry the CSA’s new Product Security Verified (PSV) mark. Last year the US government also introduced its own Cyber Trust Mark for products meeting certain security standards outlined in a report by the

This is the hidden content, please

• Sign In
• or
• Sign Up

logy (NIST). 

Sign up for breaking news, reviews, opinion, top tech deals, and more.

“It’s still early days and only a handful of devices have passed the certification so far, but the idea is that consumers in a hardware store will be able to check for the mark and also scan a QR code on the device to see which tests they have passed,” Chris LaPré, Head of Technology for the CSA told TechRadar. “Online it’s hoped that retailers like

This is the hidden content, please

• Sign In
• or
• Sign Up

could have a checkbox to list only items that have met the standard.”  

(Image credit:

This is the hidden content, please

• Sign In
• or
• Sign Up

/ Ring)

Improving compliance 

Of course, legislation is one thing, enforcement quite another. In the ***, consumer association

This is the hidden content, please

• Sign In
• or
• Sign Up

that many manufacturers were still failing to comply with the new PSTI legislation particularly when it comes to informing customers about how long security updates would be provided for purchased products. 

Similarly in the US, Mr LaPré admits there ******** a problem with the home security ‘ecosystem’, particularly (though, as we’ve seen earlier, not exclusively) low-price ******** cameras. “If you go on

This is the hidden content, please

• Sign In
• or
• Sign Up

and say ‘give me a cheap IP camera’ and you just buy it, plug it in, and follow the directions you are probably going to be hacked in a couple of minutes,” he adds. Andy Whaley, Senior Technical Director of Norwegian cybersecurity firm Promon agrees. “We’ve previously seen how ******** electronics manufacturer Anker ******* to encrypt the camera feed on one of its smart home security devices. This neglect is a prime example of the trade-off between affordability and security.”

According to Richard Hughes, Head of Technical Cyber, A&O Cyber, buying from a reputable brand is always a good idea. “If you purchase products from a company such as ADT or

This is the hidden content, please

• Sign In
• or
• Sign Up

Ring Security, then you would expect they will have considered the security posture of their devices. But if you purchase devices from some unknown brand then it’s highly likely they will not have allocated any resources to ensure a vulnerability-free product.” 

And while it is perhaps ironic to think of the best home security cameras actually increasing your security risk, they do need to be ‘appropriately configured in the first instance, with strong passwords and if available multi-factor authentication to control access,’ explains Steven Furnell, IEEE senior member and professor of cybersecurity at the University of Nottingham. Particularly important is to protect the devices on which home security apps operate, including mobile phones and laptops. 

So should you buy a home security system? Certainly it’s not without risk, but there has been a definite shift to IoT devices that are

This is the hidden content, please

• Sign In
• or
• Sign Up

. There are also some simple steps for how to keep your smart home secure which can help make a difference.

At the same time governments and standards bodies are working to improve basic standards. Consumers too can play their part by deploying strong passwords and ensuring the latest security updates are installed on all their IoT devices, as well as by opting for approved products that display the latest certification – once they’re widely available.

You might also like

This is the hidden content, please

• Sign In
• or
• Sign Up

#smart #home #security #systems #security #risk #benefit

This is the hidden content, please

• Sign In
• or
• Sign Up

For verified travel tips and real support, visit: https://hopzone.eu/